Pandora’s Box: Inquiry opens universal surveillance floodgates

news

A move by the Greens to set up a Senate inquiry into the potential reform of Australia’s surveillance laws appears to have opened a giant Pandora’s Box of debate about the issue, with Australian law enforcement agencies using the process to demand massively increased electronic surveillance rights, including data retention of users’ communications.

The Greens have taken a strong stance against the need for unfettered surveillance of Australians by law enforcement agencies, with Communications Spokesperson Scott Ludlam (who is currently campaigning to save his Senate seat in Western Australia) stating that review of the TIA Act was “well overdue” due to its outdated nature.

The Greens appear to have taken the view that an inquiry into the potential future reform of the Act would lead to it being modernised and Australians receiving higher levels of privacy in terms of their usage of telecommunications services. However, if submissions to the inquiry so far are any indication, the inquiry itself may act as a Pandora’s Box for the issue of surveillance in Australia. Already, several different groups have used the forum to call for massively increased surveillance powers for Australian government agencies, although others have also used the forum to call for increased privacy rights for individuals.

Of particular interest to those interested in digital rights in Australia will be the extensive submission put into the review by the Attorney-General’s Department, which contains within its remit most of the Federal Government agencies who make the most use of Internet surveillance — including the Australian Federal Police and the Australian Security Intelligence Organisation.

The department’s submission (available online in PDF format) acknowledges in its opening pages that the privacy rights contained in the TIA Act are inadequate and that oversight of those agencies using the Act to facilitate telecommunications surveillance is also lacking.

“With the development of communications technology … the Act is in danger of no longer sufficiently fulfilling either of its key objectives and its oversight arrangements are, in part, fragmented and incomplete,” the department wrote in its submission to the Senate inquiry. “The privacy protections in the Act, although strong, require future-proofing to keep pace with the changes in technology.”

However, the submission by the Attorney-General’s Department very quickly segues into a discussion of how surveillance powers could be massively expanded through a reform of the TIA Act, to allow government surveillance to penetrate all layers of modern communications.

Of particular concern to the department and its portfolio agencies is the fact that technological change has meant that it’s no longer easy for government authorities to gain access to individuals’ telecommunications records. When the Act was written, most telecommunications took place over traditional PSTN telephone lines owned and operated by Telecom Australia (now Telstra).

However, as the submission points out, there are now multiple layers of networks over which Australians can communicate, including different physical network layers (mobile, copper, satellite, HFC cable), different network providers, different Internet access providers, and even different application service providers such as Microsoft, Google, Facebook, Twitter and more.

In its submission, the department argued that the warrants required to access telecommunications data should be simplified and that all of these layers should be made available through what it described as an “attribute-based” model for access to users’ telecommunications — in short, that warrants would use information such as a time of day or geographic location to target a user’s data, rather than, say, their specific phone number or mobile device.

The department is also seeking further powers. For example, the submission pointed out that criminals are making increased use of encrypted data in their telecommunications, and argued that law enforcement authorities should be allowed to issue warrants forcing individuals or service providers to, for example, decrypt that data. This is not a current power that law enforcement agencies enjoy.

In addition, the department again raised the spectre of controversial data retention provisions — largely rejected by a parliamentary committee last year — being added to surveillance legislation. This would require ISPs and telcos to maintain data on their subscribers’ use of telecommunications services for a set period — the department’s submission gives the example of two years.

Despite the already high number of warrantless accesses to telecommunications data every year — some 300,000 requests were made in the past financial year — virtually every law enforcement agency also called for simplified systems for obtaining warrants for telecommunications interception.

Most of the law enforcement agencies acknowledged the need for simultaneous reform of rules protecting Australians’ privacy from abuse of the powers outlined in the TIA Act and the need for additional oversight of use of the powers; however, their submissions tended to focus heavily on the need for increased powers and only in a minor fashion on the need to protect individuals’ rights.

Only a handful of submissions out of the 35 currently filed — including digital rights groups Electronic Frontiers Australia and the Pirate Party Australia (both tiny organisations) — focused on the need for stronger privacy rights and oversight of telecommunications surveillance.

opinion/analysis
Wow. I think Greens Senator Scott Ludlam may have bitten off more than he — or anyone else — can chew here. I recommend you read some of the submissions published here, especially those from the Attorney-General’s Department, ASIO and the Australian Federal Police. These are mammoth submissions calling for huge increases in surveillance powers and drastically simplified warrant systems, but generally without producing significant evidence that such powers are required.

Australia’s digital rights community hailed the formation of this inquiry as a victory for transparency and accountability in terms of our national telecommunications surveillance regime, in the context of massive government use of that regime.

In response, our extremely well-funded and resourced law enforcement agencies have hit back with the nuclear option, making giant ambit claims for massively expanded electronic surveillance powers, and re-heating demands for comprehensive and universal data retention, even stretching to individuals’ web browsing history logs.

The tiny submissions made by digital rights groups such as the EFA and the Pirate Party Australia, in comparison to these huge law enforcement documents, look like twigs blowing in the wind of a giant hurricane. And in the face of bi-partisan major party support, the Greens’ efforts here will also look quite minuscule. If you’re interested in digital rights and privacy in Australia at all, I encourage you to share information about what’s happening here. It may well be our last chance to escape a society based on universal law enforcement access to all telecommunications.

I, and I’d say a non-trivial percentage of Delimiters readers, would tend to lean towards technical solutions to bypassing or rendering moot such surveillance legislation. The point of Peter Sunde’s speech, to my mind, is that technical solutions don’t equate to the progress of society. We may get hot under the collar about the issue, and we may go so far as to take technical measures to ensure that “it doesn’t apply to us” but that doesn’t help anyone else, and therefore it’s an apathetic approach.

One way or another, we need to involve ourselves in the decision making process.

This inquiry ultimately doesn’t matter, in my opinion. Whichever side of government starts adhering to these ridiculous demands is going to find themselves on the other end of an election belting and the pollies know it. Conroy’s filter and the backlash to it was the end of the line for extreme internet surveillance and censorship.

The same media with diminishing and aging readers who are decreasing through natural attrition.

There’s a reason they call it the old media.

This is increasingly an issue no matter how much the marginalised old media and politicians like to pretend otherwise. It’s not a Right/Left issue but rather an Authority vs Liberty one. The Australian Governments (all of them) are very pro unthinking following of their authority and old media backs this to the hilt.

It’s a philosophical change that we need – and I think it’s still coming no matter how hard they set themselves against it.

On the politics of it: Both sides of politics will most likely support most aspects of this massive expansion of the surveillance regime. For this reason there will be limited political backlash.

@Daniel: Every person who is technically capable of protecting their own privacy has a moral obligation to help everyone else get the same level of protection. Privacy is not the right only of a technical elite.

You are right we do need to involve ourselves more in the political process.

“Despite the already high number of warrantless accesses to telecommunications data every year — some 300,000 requests were made in the past financial year — virtually every law enforcement agency also called for simplified systems for obtaining warrants for telecommunications interception.”

This is the important part. Law enforcement agencies DO need a streamlined process for getting warrants. As it stands now, they need to get a warrant or a court order for every single type of communication medium that a suspect may use.

but it must be balanced by strict controls and serious penalties for warrantless access. We need a new law enforcement agency tasked with investigating and prosecuting law enforcement agencies for breaching the law, with appropriate compensation sought for and on behalf of those who have been affected by their breaches, even if they do not know it!

1. The agency to investigate breaking of the law by ASIO theoretically already exists. The agency to investigate breaking of the law by law enforcement agencies already exists.

2. However that misses the point somewhat – if the law is changed so that there is a massive expansion of the powers of ASIO / law enforcement agencies then they don’t have to break the law in order to do wrong – to a greater and greater extent. This debate is about what the law should be i.e. what powers the law should grant them.

For example, the NSA claims that US law grants them the power to intercept 100% of network traffic coming from overseas without any kind of warrant. If that’s correct then as far as *your* traffic or *my* traffic is concerned, there is absolutely no risk that the NSA will break the law because the law doesn’t place any restrictions on them in the first place! (or so they claim)

3. I’m not sure what you mean by “every single type of communication medium”. Agencies can get a named person warrant. Such a warrant covers a creative suspect who uses services that the agencies don’t even know about and would presumably cover interception of every type of communication medium provided that that medium uses electromagnetic energy.

4. There are no penalties for warrantless access to telecommunications data because the law does not currently require agencies to get a warrant at all for that!

There was a time, not so long ago, when everything on the web was unencrypted. If the police wanted to intercept somebody’s connection they could get a warrant and watch everything that passed through the ISP.

But we gave them an inch, and now they try to take a mile. They now want ISPs to store all data – and pay for the exercise. In response the big players like Google and Microsoft encrypt their connections by default. There is a proposal to make http2 encrypt all connections by default.

So in their zeal they’ve turned the internet into a privacy war zone. They demand more access, and in response everyone encrypts their data to deny it.

In the long run it’s not a battle they will win. Everything will be encrypted by default with perfect forward secrecy. Not only won’t they get their meta data, they won’t even be able to ask ISPs to spy on connections even if they have a suitable warrant.

And in the process they have destroyed useful optimisations – like proxies. Idiots.

The pro-NBN lobby cannot muster the electoral support from the masses to even curb the ridiculous trajectory MT seems to be plotting. And most of the names that bob up frequently in Delimiter articles about the NBN can’t even be bothered making a token appearance here.

Does that adequately detail just how unlikely broad support against these measures is likely to be?

The majority vote their party unless there is an issue near and dear to them. In terms of brutality and totalitarianism, both parties are trying to race each other to the bottom. And few care to stand against it.

If we get the government we deserve, what does that say about the electorate in Australia…
